Whether the result of a malicious insider purposefully leaking the information, or hackers taking advantage of workplace cybersecurity weaknesses, it is more vital than ever that organisations are vigilant about their cybersecurity practices.

This blog post covers 9 workplace cybersecurity measures to help prevent your company data from being sold on the darknet.

But first, a brief explanation.

What is the darknet?

The websites we browse every day – those visible and accessible via search engines – only make up a small percentage of the internet. This is what’s known as the surface web. Beyond the surface web, there is the deep web, where sites require credentials to access them (e.g. banking sites or sites behind a paywall), and then there is the darknet. One estimate suggests that 96% of online content exists in the deep web and the darknet.

The darknet is a collection of networks on the internet that are purposefully hidden; in other words, they can only be accessed using special tools and software, and not via any search engines. Because of the anonymity that this provides users, the darknet can facilitate the exchange of stolen and hacked data, providing a place for hackers to sell data they’ve obtained, while also providing a forum for insiders with access to corporate data to sell that access.

9 workplace cybersecurity measures to protect your company data from the darknet

1. Educate employees about security protocols on a regular basis

Social engineering and business email compromise (BEC), whereby cybercriminals manipulate employees into performing an action or divulging confidential information, remain among a hacker’s best weapons for infiltrating an organisation’s networks and gaining access to valuable data. According to research from Norton by Symantec, 45% of cybercrime victims in 2017 were victimised through phishing and fraudulent emails.

It’s important, therefore, that employees are educated regularly about cybersecurity best practices, including how to recognise suspicious emails, how to secure their BYOD devices, how to use social media safely and how to transmit data over networks securely.

While educating employees about password best practices is important, the reality is that these are rarely followed – employees struggle to remember long, complex passwords with letters, numbers and characters, and frequent password updating just leads to predictable patterns that hackers can easily guess.

Instead, a password manager, such as LastPass or Dashlane, which encrypts and stores passwords in a secured vault that is protected by a single master password, can make it much easier for employees to comply with password policies.

Enforcing two-factor authentication, whereby users have to enter a code after typing in their login details, can also add an extra layer of security, particularly when it comes to protecting information from being sold on the darknet, as any login details that have been criminally obtained are effectively useless without the code.

3. Consider alternative authentication methods

Biometrics can also play an important role when it comes to accurately and securely authenticating users and removing the burden of passwords.

For example, typing recognition, a type of behavioural biometric that uses artificial intelligence to identify the unique ways in which people type on a keyboard, can provide a seamless and continuous means of confirming a user’s identity, ensuring any unauthorised access to an employee’s account is automatically detected. Not to mention behavioural biometrics are impervious to theft. TypingDNA is one company that offers such a service.

4. Have a stringent BYOD (Bring Your Own Device) policy

BYOD workplaces are particularly susceptible to data breaches, due to the lack of control your organisation has over security measures that employees use. Mobile devices are also particularly vulnerable – according to Symantec’s Internet Security Threat Report 2018, mobile malware increased by 54 per cent in 2017, as compared to 2016. That’s why it’s crucial to have a stringent and enforceable BYOD policy that includes security measures, such as ensuring screens are locked after a certain amount of time, or banning certain unsecured apps from being downloaded.

Technology can also help to ensure employee compliance with the policy. Mobile device management (MDM) software can restrict risky behaviour; configure devices to use a PIN to lock the device; locate, lock and wipe lost devices; and keep personal and corporate data separate in the event the device does have to be wiped.

5. Use tech to monitor user behaviour and unusual activity

As tactics used by cybercriminals grow more sophisticated, so too must the tools we use to identify suspicious activity and protect our networks.

6. Use role-based access control

Restricting employee access is a simple way to reduce the amount of data that is exposed in the event of a data breach, while also helping to protect against insiders acting maliciously by selling the data themselves.

Role-based access control (RBAC) ensures employees can only access those parts of the network that are directly connected to their role, and it also controls their level of access by limiting their ability to view, create or modify a file.
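As an added illustration (not part of the original post), here is a small deny-by-default RBAC check using the view, create and modify levels described above. The roles, users and resource names are constructed for the example. The `exposure` function lists what a single compromised or misused account could reach.

```python
ACTIONS = {"view", "create", "modify"}

# Constructed sample policy: role -> resource -> permitted actions.
ROLES = {
    "hr_officer": {"hr/records": {"view", "create", "modify"}},
    "accountant": {"finance/ledger": {"view", "create"}},
    "helpdesk": {
        "it/tickets": {"view", "create", "modify"},
        "hr/records": {"view"},
    },
}
USER_ROLES = {"dana": ["hr_officer"], "eli": ["accountant"], "flo": ["helpdesk"]}

AUDIT = []  # denied attempts, kept for later review

def is_allowed(user: str, action: str, resource: str) -> bool:
    """Deny by default: allow only if one of the user's roles grants it."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    allowed = any(
        action in ROLES.get(role, {}).get(resource, set())
        for role in USER_ROLES.get(user, [])
    )
    if not allowed:
        AUDIT.append((user, action, resource))
    return allowed

def exposure(user: str) -> dict:
    """Everything this account can touch: resource -> sorted list of actions."""
    reach = {}
    for role in USER_ROLES.get(user, []):
        for resource, actions in ROLES.get(role, {}).items():
            if actions:
                reach.setdefault(resource, set()).update(actions)
    return {resource: sorted(actions) for resource, actions in reach.items()}
```

Reviewing `exposure` for each account shows how much data a breach of that account would put at risk, and `AUDIT` records attempts to go beyond a role.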

7. Back up regularly and have a cyber incident response plan

The prevalence of ransomware, which is only expected to grow as cybercrime as a service becomes a bigger trend, means organisations have to be extra vigilant about ensuring their data is regularly backed up to an offline location, particularly as in many cases of ransomware attacks, it is impossible to crack the encryption.

Monitoring the darknet for any information leaks on a regular basis is one way to combat this. However, the very nature of the darknet means it is extremely difficult for any organisation to perform this type of monitoring themselves, as it requires lots of time and specialised knowledge.

It can be prudent, therefore, to employ a cybersecurity company to perform such services on your behalf, such as AusCERT or Symantec.

9. Consider cyber insurance

Data breaches are extremely costly – according to a study by IBM Security and Ponemon Institute, the average total cost of a data breach in 2017 was $3.62 million. Research from Norton by Symantec revealed that 79% of businesses have never had a cyber insurance policy in place; however, such a policy can help to mitigate these costs and help businesses recover quickly from attacks.

While employee education remains an important facet of workplace cybersecurity, technology is a crucial means of filling gaps, ensuring compliance, and staying ahead of sophisticated attacks. Be sure to employ every resource at your disposal when it comes to securing that all-important resource – your company data.